xref: /freebsd/contrib/sendmail/src/README (revision 3dd5524264095ed8612c28908e13f80668eff2f9)
1# Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
2#	All rights reserved.
3# Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
4# Copyright (c) 1988
5#	The Regents of the University of California.  All rights reserved.
6#
7# By using this file, you agree to the terms and conditions set
8# forth in the LICENSE file which can be found at the top level of
9# the sendmail distribution.
10#
11
12This directory contains the source files for sendmail(TM).
13
14   *******************************************************************
15   !! Read sendmail/SECURITY for important installation information !!
16   *******************************************************************
17
18	**********************************************************
19	**  Read below for more details on building sendmail.	**
20	**********************************************************
21
22**************************************************************************
23**  IMPORTANT:  Read the appropriate paragraphs in the section on	**
24**  ``Operating System and Compile Quirks''.				**
25**************************************************************************
26
27For detailed instructions, please read the document ../doc/op/op.me:
28
29	cd ../doc/op ; make op.ps op.txt
30
31Sendmail is a trademark of Proofpoint, Inc.
32US Patent Numbers 6865671, 6986037.
33
34
35+-------------------+
36| BUILDING SENDMAIL |
37+-------------------+
38
39By far, the easiest way to compile sendmail is to use the "Build"
40script:
41
42	sh ./Build
43
44This uses the "uname" command to figure out what architecture you are
45on and creates a proper Makefile accordingly.  It also creates a
46subdirectory per object format, so that multiarchitecture support is
47easy.  In general this should be all you need.  IRIX 6.x users should
48read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section.
49
50If you need to look at other include or library directories, use the
51-I or -L flags on the command line, e.g.,
52
53	sh ./Build -I/usr/sww/include -L/usr/sww/lib
54
55It's also possible to create local site configuration in the file
56site.config.m4 (or another file settable with the -f flag).  This
57file contains M4 definitions for various compilation values; the
58most useful are:
59
60confMAPDEF	-D flags to specify database types to be included
61		(see below)
62confENVDEF	-D flags to specify other environment information
63confINCDIRS	-I flags for finding include files during compilation
64confLIBDIRS	-L flags for finding libraries during linking
65confLIBS	-l flags for selecting libraries during linking
66confLDOPTS	other ld(1) linker options
67
68Others can be found by examining Makefile.m4.  Please read
69../devtools/README for more information about the site.config.m4
70file.
71
72You can recompile from scratch using the -c flag with the Build
73command.  This removes the existing compilation directory for the
74current platform and builds a new one.  The -c flag must also
75be used if any site.*.m4 file in devtools/Site/ is changed.
76
77Porting to a new Unix-based system should be a matter of creating
78an appropriate configuration file in the devtools/OS/ directory.
79
80
81+----------------------+
82| DATABASE DEFINITIONS |
83+----------------------+
84
85There are several database formats that can be used for the alias files
86and for general maps.  When used for alias files they interact in an
87attempt to be backward compatible.
88
89The options are:
90
91CDB		Constant DataBase, requires tinycdb (0.75), see
92		http://www.corpit.ru/mjt/tinycdb.html
93		CDB is included automatically if the Build script can find
94		a library named libcdb.a or libcdb.so.
95		By default, .cdb is used as extension for cdb maps, however,
96		if CDB is set to 2, then .db is used to make transition from
97		hash maps easier.  Note: this usually requires to exclude cdb
98		from confLIBSEARCH, see devtools/README.
99NEWDB		The new Berkeley DB package.  Some systems (e.g., BSD/OS and
100		Digital UNIX 4.0) have some version of this package
101		pre-installed.  If your system does not have Berkeley DB
102		pre-installed, or the version installed is not version 2.0
103		or greater (e.g., is Berkeley DB 1.85 or 1.86), get the
104		current version from http://www.sleepycat.com/.  DO NOT
105		use a version from any of the University of California,
106		Berkeley "Net" or other distributions.  If you are still
107		running BSD/386 1.x, you will need to upgrade the included
108		Berkeley DB library to a current version.  NEWDB is included
109		automatically if the Build script can find a library named
110		libdb.a or libdb.so.
111		See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
112		DB versions, e.g., DB 4.1.x.
113NDBM		The older NDBM implementation -- the very old V7 DBM
114		implementation is no longer supported.
115NIS		Network Information Services.  To use this you must have
116		NIS support on your system.
117NISPLUS		NIS+ (the revised NIS released with Solaris 2).  You must
118		have NIS+ support on your system to use this flag.
119HESIOD		Support for Hesiod (from the DEC/Athena distribution).  You
120		must already have Hesiod support on your system for this to
121		work.  You may be able to get this to work with the MIT/Athena
122		version of Hesiod, but that's likely to be a lot of work.
123		BIND 8.X also includes Hesiod support.
124LDAPMAP		Lightweight Directory Access Protocol support.  You will
125		have to install the UMich or OpenLDAP
126		(http://www.openldap.org/) ldap and lber libraries to use
127		this flag.
128MAP_REGEX	Regular Expression support.  You will need to use an
129		operating system which comes with the POSIX regex()
130		routines or install a regexp library such as libregex from
131		the Free Software Foundation.
132DNSMAP		DNS map support.  Requires NAMED_BIND.
133PH_MAP		PH map support.
134MAP_NSD		nsd map support (IRIX 6.5 and later).
135SOCKETMAP	Support for a trivial query protocol over UNIX domain or TCP
136		sockets.
137
138>>>  NOTE WELL for NEWDB support: If you want to get ndbm support, for
139>>>  Berkeley DB versions under 2.0, it is CRITICAL that you remove
140>>>  ndbm.o from libdb.a before you install it and DO NOT install ndbm.h;
141>>>  for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a
142>>>  before you install it.  If you don't delete these, there is absolutely
143>>>  no point to including -DNDBM, since it will just get you another
144>>>  (inferior) API to the same format database.  These files OVERRIDE
145>>>  calls to ndbm routines -- in particular, if you leave ndbm.h in,
146>>>  you can find yourself using the new db package even if you don't
147>>>  define NEWDB.  Berkeley DB versions later than 2.3.14 do not need
148>>>  to be modified.  Please also consult the README in the top level
149>>>  directory of the sendmail distribution for other important information.
150>>>
151>>>  Further note: DO NOT remove your existing /usr/include/ndbm.h --
152>>>  you need that one.  But do not install an updated ndbm.h in
153>>>  /usr/include, /usr/local/include, or anywhere else.
154
155If NEWDB and NDBM are defined (but not NIS), then sendmail will read
156NDBM format alias files, but the next time a newaliases is run the
157format will be converted to NEWDB; that format will be used forever
158more.  This is intended as a transition feature.
159
160If NEWDB, NDBM, and NIS are all defined and the name of the file includes
161the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
162alias files.  However, it will only read the NEWDB file; the NDBM format
163file is used only by the NIS subsystem.  This is needed because the NIS
164maps on an NIS server are built directly from the NDBM files.
165
166If NDBM and NIS are defined (regardless of the definition of NEWDB),
167and the filename includes the string "/yp/", sendmail adds the special
168tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
169required if the NDBM file is to be used as an NIS map.
170
171All of these flags are normally defined in a confMAPDEF setting in your
172site.config.m4.
173
174If you define NEWDB or HESIOD you get the User Database (USERDB)
175automatically.  Generally you do want to have NEWDB for it to do
176anything interesting.  See above for getting the Berkeley DB
177package (i.e., NEWDB).  There is no separate "user database"
178package -- don't bother searching for it on the net.
179
180Hesiod and LDAP require libraries that may not be installed with your
181system.  These are outside of my ability to provide support.  See the
182"Quirks" section for more information.
183
184The regex map can be used to see if an address matches a certain regular
185expression.  For example, all-numerics local parts are common spam
186addresses, so "^[0-9]+$" would match this.  By using such a map in a
187check_* rule-set, you can block a certain range of addresses that would
188otherwise be considered valid.
189
190The socket map uses a simple request/reply protocol over TCP or
191UNIX domain sockets to query an external server. Both requests and
192replies are text based and encoded as netstrings.  The socket map
193uses the same syntax as milters the specify the remote endpoint,
194e.g.:
195
196KmySocketMap socket inet:12345@127.0.0.1
197
198See doc/op/op.me for details.
199
200
201+---------------+
202| COMPILE FLAGS |
203+---------------+
204
205Wherever possible, I try to make sendmail pull in the correct
206compilation options needed to compile on various environments based on
207automatically defined symbols.  Some machines don't seem to have useful
208symbols available, requiring that a compilation flag be defined in
209the Makefile; see the devtools/OS subdirectory for the supported
210architectures.
211
212If you are a system to which sendmail has already been ported you
213should not have to touch the following symbols.  But if you are porting,
214you may have to tweak the following compilation flags in conf.h in order
215to get it to compile and link properly:
216
217SYSTEM5		Adjust for System V (not necessarily Release 4).
218SYS5SIGNALS	Use System V signal semantics -- the signal handler
219		is automatically dropped when the signal is caught.
220		If this is not set, use POSIX/BSD semantics, where the
221		signal handler stays in force until an exec or an
222		explicit delete.  Implied by SYSTEM5.
223SYS5SETPGRP	Use System V setpgrp() semantics.  Implied by SYSTEM5.
224HASNICE		Define this to zero if you lack the nice(2) system call.
225HASRRESVPORT	Define this to zero if you lack the rresvport(3) system call.
226HASFCHMOD	Define this to one if you have the fchmod(2) system call.
227		This improves security.
228HASFCHOWN	Define this to one if you have the fchown(2) system call.
229		This is required for the TrustedUser option if sendmail
230		must rebuild an (alias) map.
231HASFLOCK	Set this if you prefer to use the flock(2) system call
232		rather than using fcntl-based locking.  Fcntl locking
233		has some semantic gotchas, but many vendor systems
234		also interface it to lockd(8) to do NFS-style locking.
235		Unfortunately, may vendors implementations of fcntl locking
236		is just plain broken (e.g., locks are never released,
237		causing your sendmail to deadlock; when the kernel runs
238		out of locks your system crashes).  For this reason, I
239		recommend always defining this unless you are absolutely
240		certain that your fcntl locking implementation really works.
241HASUNAME	Set if you have the "uname" system call.  Implied by
242		SYSTEM5.
243HASUNSETENV	Define this if your system library has the "unsetenv"
244		subroutine.
245HASSETSID	Define this if you have the setsid(2) system call.  This
246		is implied if your system appears to be POSIX compliant.
247HASINITGROUPS	Define this if you have the initgroups(3) routine.
248HASSETVBUF	Define this if you have the setvbuf(3) library call.
249		If you don't, setlinebuf will be used instead.  This
250		defaults on if your compiler defines __STDC__.
251HASSETREUID	Define this if you have setreuid(2) ***AND*** root can
252		use setreuid to change to an arbitrary user.  This second
253		condition is not satisfied on AIX 3.x.  You may find that
254		your system has setresuid(2), (for example, on HP-UX) in
255		which case you will also have to #define setreuid(r, e)
256		to be the appropriate call.  Some systems (such as Solaris)
257		have a compatibility routine that doesn't work properly,
258		but may have "saved user ids" properly implemented so you
259		can ``#define setreuid(r, e) seteuid(e)'' and have it work.
260		The important thing is that you have a call that will set
261		the effective uid independently of the real or saved uid
262		and be able to set the effective uid back again when done.
263		There's a test program in ../test/t_setreuid.c that will
264		try things on your system.  Setting this improves the
265		security, since sendmail doesn't have to read .forward
266		and :include: files as root.  There are certain attacks
267		that may be unpreventable without this call.
268USESETEUID	Define this to 1 if you have a seteuid(2) system call that
269		will allow root to set only the effective user id to an
270		arbitrary value ***AND*** you have saved user ids.  This is
271		preferable to HASSETREUID if these conditions are fulfilled.
272		These are the semantics of the to-be-released revision of
273		Posix.1.  The test program ../test/t_seteuid.c will try
274		this out on your system.  If you define both HASSETREUID
275		and USESETEUID, the former is ignored.
276HASSETEGID	Define this if you have setegid(2) and it can be
277		used to set the saved gid.  Please run t_dropgid in
278		test/ if you are not sure whether the call works.
279HASSETREGID	Define this if you have setregid(2) and it can be
280		used to set the saved gid.  Please run t_dropgid in
281		test/ if you are not sure whether the call works.
282HASSETRESGID	Define this if you have setresgid(2) and it can be
283		used to set the saved gid.  Please run t_dropgid in
284		test/ if you are not sure whether the call works.
285HASLSTAT	Define this if you have symbolic links (and thus the
286		lstat(2) system call).  This improves security.  Unlike
287		most other options, this one is on by default, so you
288		need to #undef it in conf.h if you don't have symbolic
289		links (these days everyone does).
290HASSETRLIMIT	Define this to 1 if you have the setrlimit(2) syscall.
291		You can define it to 0 to force it off.  It is assumed
292		if you are running a BSD-like system.
293HASULIMIT	Define this if you have the ulimit(2) syscall (System V
294		style systems).  HASSETRLIMIT overrides, as it is more
295		general.
296HASWAITPID	Define this if you have the waitpid(2) syscall.
297HASGETDTABLESIZE
298		Define this if you have the getdtablesize(2) syscall.
299HAS_GETHOSTBYNAME2	Define this to 1 if your system supports
300		gethostbyname2(2).
301HAS_ST_GEN	Define this to 1 if your system has the st_gen field in
302		the stat structure (see stat(2)).
303HASSRANDOMDEV	Define this if your system has the srandomdev(3) function
304		call.
305HASURANDOMDEV	Define this if your system has /dev/urandom(4).
306HASSTRERROR	Define this if you have the libc strerror(3) function (which
307		should be declared in <errno.h>), and it should be used
308		instead of sys_errlist.
309HASCLOSEFROM	Define this if your system has closefrom(3).
310HASFDWALK	Define this if your system has fdwalk(3).
311SM_CONF_GETOPT	Define this as 0 if you need a reimplementation of getopt(3).
312		On some systems, getopt does very odd things if called
313		to scan the arguments twice.  This flag will ask sendmail
314		to compile in a local version of getopt that works
315		properly.  You may also need this if you build with
316		another library that introduces a non-standard getopt(3).
317NEEDSTRTOL	Define this if your standard C library does not define
318		strtol(3).  This will compile in a local version.
319NEEDFSYNC	Define this if your standard C library does not define
320		fsync(2).  This will try to simulate the operation using
321		fcntl(2); if that is not available it does nothing, which
322		isn't great, but at least it compiles and runs.
323HASGETUSERSHELL	Define this to 1 if you have getusershell(3) in your
324		standard C library.  If this is not defined, or is defined
325		to be 0, sendmail will scan the /etc/shells file (no
326		NIS-style support, defaults to /bin/sh and /bin/csh if
327		that file does not exist) to get a list of unrestricted
328		user shells.  This is used to determine whether users
329		are allowed to forward their mail to a program or a file.
330NEEDPUTENV	Define this if your system needs am emulation of the
331		putenv(3) call.  Define to 1 to implement it in terms
332		of setenv(3) or to 2 to do it in terms of primitives.
333NOFTRUNCATE	Define this if you don't have the ftruncate(2) syscall.
334		If you don't have this system call, there is an unavoidable
335		race condition that occurs when creating alias databases.
336NO_EOH_FIELDS	Define this to disable the special handling of the headers
337		Message: and Text: to denote the end of the message header.
338GIDSET_T	The type of entries in a gidset passed as the second
339		argument to getgroups(2).  Historically this has been an
340		int, so this is the default, but some systems (such as
341		IRIX) pass it as a gid_t, which is an unsigned short.
342		This will make a difference, so it is important to get
343		this right!  However, it is only an issue if you have
344		group sets.
345SLEEP_T		The type returned by the system sleep() function.
346		Defaults to "unsigned int".  Don't worry about this
347		if you don't have compilation problems.
348ARBPTR_T	The type of an arbitrary pointer -- defaults to "void *".
349		If you are an very old compiler you may need to define
350		this to be "char *".
351SOCKADDR_LEN_T	The type used for the third parameter to accept(2),
352		getsockname(2), and getpeername(2), representing the
353		length of a struct sockaddr.  Defaults to int.
354SOCKOPT_LEN_T	The type used for the fifth parameter to getsockopt(2)
355		and setsockopt(2), representing the length of the option
356		buffer.  Defaults to int.
357LA_TYPE		The type of load average your kernel supports.  These
358		can be one of:
359		 LA_ZERO (1) -- it always returns the load average as
360			"zero" (and does so on all architectures).
361		 LA_INT (2) to read /dev/kmem for the symbol avenrun and
362			interpret as a long integer.
363		 LA_FLOAT (3) same, but interpret the result as a floating
364			point number.
365		 LA_SHORT (6) to interpret as a short integer.
366		 LA_SUBR (4) if you have the getloadavg(3) routine in your
367			system library.
368		 LA_MACH (5) to use MACH-style load averages (calls
369			processor_set_info()),
370		 LA_PROCSTR (7) to read /proc/loadavg and interpret it
371			as a string representing a floating-point
372			number (Linux-style).
373		 LA_READKSYM (8) is an implementation suitable for some
374			versions of SVr4 that uses the MIOC_READKSYM ioctl
375			call to read /dev/kmem.
376		 LA_DGUX (9) is a special implementation for DG/UX that uses
377			the dg_sys_info system call.
378		 LA_HPUX (10) is an HP-UX specific version that uses the
379			pstat_getdynamic system call.
380		 LA_IRIX6 (11) is an IRIX 6.x specific version that adapts
381			to 32 or 64 bit kernels; it is otherwise very similar
382			to LA_INT.
383		 LA_KSTAT (12) uses the (Solaris-specific) kstat(3k)
384			implementation.
385		 LA_DEVSHORT (13) reads a short from a system file (default:
386			/dev/table/avenrun) and scales it in the same manner
387			as LA_SHORT.
388		 LA_LONGLONG (17) to read /dev/kmem for the symbol avenrun and
389			interpret as a long long integer (e.g., for 64 bit
390			systems).
391		LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
392		other parameters that they try to divine: the name of your
393		kernel, the name of the variable in the kernel to examine,
394		the number of bits of precision in a fixed point load average,
395		and so forth.  LA_DEVSHORT uses _PATH_AVENRUN to find the
396		device to be read to find the load average.
397		In desperation, use LA_ZERO.  The actual code is in
398		conf.c -- it can be tweaked if you are brave.
399FSHIFT		For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
400		of bits of load average after the binary point -- i.e.,
401		the number of bits to shift right in order to scale the
402		integer to get the true integer load average.  Defaults to 8.
403_PATH_UNIX	The path to your kernel.  Needed only for LA_INT, LA_SHORT,
404		and LA_FLOAT.  Defaults to "/unix" on System V, "/vmunix"
405		everywhere else.
406LA_AVENRUN	For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
407		variable that holds the load average.  Defaults to "avenrun"
408		on System V, "_avenrun" everywhere else.
409SFS_TYPE	Encodes how your kernel can locate the amount of free
410		space on a disk partition.  This can be set to SFS_NONE
411		(0) if you have no way of getting this information,
412		SFS_USTAT (1) if you have the ustat(2) system call,
413		SFS_4ARGS (2) if you have a four-argument statfs(2)
414		system call (and the include file is <sys/statfs.h>),
415		SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
416		the two-argument statfs(2) system call with includes in
417		<sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
418		or SFS_STATVFS (6) if you have the two-argument statvfs(2)
419		call.  The default if nothing is defined is SFS_NONE.
420SFS_BAVAIL	with SFS_4ARGS you can also set SFS_BAVAIL to the field name
421		in the statfs structure that holds the useful information;
422		this defaults to f_bavail.
423SPT_TYPE	Encodes how your system can display what a process is doing
424		on a ps(1) command (SPT stands for Set Process Title).  Can
425		be set to:
426		SPT_NONE (0) -- Don't try to set the process title at all.
427		SPT_REUSEARGV (1) -- Pad out your argv with the information;
428			this is the default if none specified.
429		SPT_BUILTIN (2) -- The system library has setproctitle.
430		SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
431			to set the process title; this is used by HP-UX.
432		SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
433		SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6.
434		SPT_SCO (6) -- Write kernel u. area.
435		SPT_CHANGEARGV (7) -- Write pointers to our own strings into
436			the existing argv vector.
437SPT_PADCHAR	Character used to pad the process title; if undefined,
438		the space character (0x20) is used.  This is ignored if
439		SPT_TYPE != SPT_REUSEARGV
440ERRLIST_PREDEFINED
441		If set, assumes that some header file defines sys_errlist.
442		This may be needed if you get type conflicts on this
443		variable -- otherwise don't worry about it.
444WAITUNION	The wait(2) routine takes a "union wait" argument instead
445		of an integer argument.  This is for compatibility with
446		old versions of BSD.
447SCANF		You can set this to extend the F command to accept a
448		scanf string -- this gives you a primitive parser for
449		class definitions -- BUT it can make you vulnerable to
450		core dumps if the target file is poorly formed.
451SYSLOG_BUFSIZE	You can define this to be the size of the buffer that
452		syslog accepts.  If it is not defined, it assumes a
453		1024-byte buffer.  If the buffer is very small (under
454		256 bytes) the log message format changes -- each
455		e-mail message will log many more messages, since it
456		will log each piece of information as a separate line
457		in syslog.
458BROKEN_RES_SEARCH
459		On Ultrix (and maybe other systems?) if you use the
460		res_search routine with an unknown host name, it returns
461		-1 but sets h_errno to 0 instead of HOST_NOT_FOUND.  If
462		you set this, sendmail considers 0 to be the same as
463		HOST_NOT_FOUND.
464NAMELISTMASK	If defined, values returned by nlist(3) are masked
465		against this value before use -- a common value is
466		0x7fffffff to strip off the top bit.
467BSD4_4_SOCKADDR	If defined, socket addresses have an sa_len field that
468		defines the length of this address.
469SAFENFSPATHCONF	Set this to 1 if and only if you have verified that a
470		pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an
471		NFS filesystem where the underlying system allows users to
472		give away files to other users returns <= 0.  Be sure you
473		try both on NFS V2 and V3.  Some systems assume that their
474		local policy apply to NFS servers -- this is a bad
475		assumption!  The test/t_pathconf.c program will try this
476		for you -- you have to run it in a directory that is
477		mounted from a server that allows file giveaway.
478SIOCGIFCONF_IS_BROKEN
479		Set this if your system has an SIOCGIFCONF ioctl defined,
480		but it doesn't behave the same way as "most" systems (BSD,
481		Solaris, SunOS, HP-UX, etc.)
482SIOCGIFNUM_IS_BROKEN
483		Set this if your system has an SIOCGIFNUM ioctl defined,
484		but it doesn't behave the same way as "most" systems
485		(Solaris, HP-UX).
486FAST_PID_RECYCLE
487		Set this if your system can reuse the same PID in the same
488		second.
489SO_REUSEADDR_IS_BROKEN
490		Set this if your system has a setsockopt() SO_REUSEADDR
491		flag but doesn't pay attention to it when trying to bind a
492		socket to a recently closed port.
493NEEDSGETIPNODE	Set this if your system supports IPv6 but doesn't include
494		the getipnodeby{name,addr}() functions.  Set automatically
495		for Linux's glibc.
496PIPELINING	Support SMTP PIPELINING	(set by default).
497USING_NETSCAPE_LDAP
498		Deprecated in favor of SM_CONF_LDAP_MEMFREE.  See
499		libsm/README.
500NEEDLINK	Set this if your system doesn't have a link() call.  It
501		will create a copy of the file instead of a hardlink.
502USE_ENVIRON	Set this to 1 to access process environment variables from
503		the external variable environ instead of the third
504		parameter of main().
505USE_DOUBLE_FORK By default this is on (1).  Set it to 0 to suppress the
506		extra fork() used to avoid intermediate zombies.
507ALLOW_255	Do not convert (char)0xff to (char)0x7f in headers etc.
508		This can also be done at runtime with the command line
509		option -d82.101.
510NEEDINTERRNO	Set this if <errno.h> does not declare errno, i.e., if an
511		application needs to use
512		extern int errno;
513USE_TTYPATH	Set this to 1 to enable ErrorMode=write.
514USESYSCTL	Use sysctl(3) to determine the number of CPUs in a system.
515HASSNPRINTF	Set this to 1 if your OS has a working snprintf(3), i.e.,
516		it properly obeys the size of the buffer and returns the
517		number of characters that would have been printed if the
518		size were unlimited.
519LDAP_REFERRALS	Set this if you want to use the -R flag (do not auto chase
520		referrals) for LDAP maps (requires -DLDAPMAP).
521MILTER_NO_NAGLE	Turn off Nagle algorithm for communication with libmilter
522		("cork" on Linux).  On some operating systems this may
523		improve the interprocess communication performance.
524
525
526+-----------------------+
527| COMPILE-TIME FEATURES |
528+-----------------------+
529
530There are a bunch of features that you can decide to compile in, such
531as selecting various database packages and special protocol support.
532Several are assumed based on other compilation flags -- if you want to
533"un-assume" something, you probably need to edit conf.h.  Compilation
534flags that add support for special features include:
535
536CDB		Include support for tinycdb.
537NDBM		Include support for "new" DBM library for aliases and maps.
538		Normally defined in the Makefile.
539NEWDB		Include support for Berkeley DB package (hash & btree)
540		for aliases and maps.  Normally defined in the Makefile.
541		If the version of NEWDB you have is the old one that does
542		not include the "fd" call (this call was added in version
543		1.5 of the Berkeley DB code), you must upgrade to the
544		current version of Berkeley DB.
545NIS		Define this to get NIS (YP) support for aliases and maps.
546		Normally defined in the Makefile.
547NISPLUS		Define this to get NIS+ support for aliases and maps.
548		Normally defined in the Makefile.
549HESIOD		Define this to get Hesiod support for aliases and maps.
550		Normally defined in the Makefile.
551NETINFO		Define this to get NeXT NetInfo support for aliases and maps.
552		Normally defined in the Makefile.
553LDAPMAP		Define this to get LDAP support for maps.
554PH_MAP		Define this to get PH support for maps.
555MAP_NSD		Define this to get nsd support for maps.
556USERDB		Define this to 1 to include support for the User Information
557		Database.  Implied by NEWDB or HESIOD.  You can use
558		-DUSERDB=0 to explicitly turn it off.
559IDENTPROTO	Define this as 1 to get IDENT (RFC 1413) protocol support.
560		This is assumed unless you are running on Ultrix or
561		HP-UX, both of which have a problem in the UDP
562		implementation.  You can define it to be 0 to explicitly
563		turn off IDENT protocol support.  If defined off, the code
564		is actually still compiled in, but it defaults off; you
565		can turn it on by setting the IDENT timeout in the
566		configuration file.
567IP_SRCROUTE	Define this to 1 to get IP source routing information
568		displayed in the Received: header.  This is assumed on
569		most systems, but some (e.g., Ultrix) apparently have a
570		broken version of getsockopt that doesn't properly
571		support the IP_OPTIONS call.  You probably want this if
572		your OS can cope with it.  Symptoms of failure will be that
573		it won't compile properly (that is, no support for fetching
574		IP_OPTIONs), or it compiles but source-routed TCP connections
575		either refuse to open or open and hang for no apparent reason.
576		Ultrix and AIX3 are known to fail this way.
577LOG		Set this to get syslog(3) support.  Defined by default
578		in conf.h.  You want this if at all possible.
579NETINET		Set this to get TCP/IP support.  Defined by default
580		in conf.h.  You probably want this.
581NETINET6	Set this to get IPv6 support.  Other configuration may
582		be needed in conf.h for your particular operating system.
583		Also, DaemonPortOptions must be set appropriately for
584		sendmail to accept IPv6 connections.
585NETISO		Define this to get ISO networking support.
586NETUNIX		Define this to get Unix domain networking support.  Defined
587		by default.  A few bizarre systems (SCO, ISC, Altos) don't
588		support this networking domain.
589NETNS		Define this to get NS networking support.
590NETX25		Define this to get X.25 networking support.
591NAMED_BIND	If non-zero, include DNS (name daemon) support, including
592		MX support.  The specs say you must use this if you run
593		SMTP.  You don't have to be running a name server daemon
594		on your machine to need this -- any use of the DNS resolver,
595		including remote access to another machine, requires this
596		option.  Defined by default in conf.h.  Define it to zero
597		ONLY on machines that do not use DNS in any way.
598MATCHGECOS	Permit fuzzy matching of user names against the full
599		name (GECOS) field in the /etc/passwd file.  This should
600		probably be on, since you can disable it from the config
601		file if you want to.  Defined by default in conf.h.
602MIME8TO7	If non-zero, include 8 to 7 bit MIME conversions.  This
603		also controls advertisement of 8BITMIME in the ESMTP
604		startup dialogue.
605MIME7TO8_OLD	If 0 then use an algorithm for MIME 7-bit quoted-printable
606		or base64 encoding to 8-bit text that has been introduced
607		in 8.12.3.  There are some examples where that code fails,
608		but the old code works.  If you have an example of improper
609		7 to 8 bit conversion please send it to sendmail-bugs.
610MIME7TO8	If non-zero, include 7 to 8 bit MIME conversions.
611HES_GETMAILHOST	Define this to 1 if you are using Hesiod with the
612		hes_getmailhost() routine.  This is included with the MIT
613		Hesiod distribution, but not with the DEC Hesiod distribution.
614XDEBUG		Do additional internal checking.  These don't cost too
615		much; you might as well leave this on.
616TCPWRAPPERS	Turns on support for the TCP wrappers library (-lwrap).
617		See below for further information.
618SECUREWARE	Enable calls to the SecureWare luid enabling/changing routines.
619		SecureWare is a C2 security package added to several UNIX's
620		(notably ConvexOS) to get a C2 Secure system.  This
621		option causes mail delivery to be done with the luid of the
622		recipient.
623SHARE_V1	Support for the fair share scheduler, version 1.  Setting to
624		1 causes final delivery to be done using the recipients
625		resource limitations.  So far as I know, this is only
626		supported on ConvexOS.
627SASL		Enables SMTP AUTH (RFC 2554).  This requires the Cyrus SASL
628		library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/).  Please
629		install at least version 1.5.13.  See below for further
630		information: SASL COMPILATION AND CONFIGURATION.  If your
631		SASL library is older than 1.5.10, you have to set this
632		to its version number using a simple conversion:  a.b.c
633		-> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
634		Note: Using an older version than 1.5.5 of Cyrus SASL is
635		not supported.  Starting with version 1.5.10, setting SASL=1
636		is sufficient.  Any value other than 1 (or 0) will be
637		compared with the actual version found and if there is a
638		mismatch, compilation will fail.
639EGD		Define this if your system has EGD installed, see
640		http://egd.sourceforge.net/ .  It should be used to
641		seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
642STARTTLS	Enables SMTP STARTTLS (RFC 2487).  This requires OpenSSL
643		(http://www.OpenSSL.org/); use OpenSSL 0.9.8zc or later.
644		See STARTTLS COMPILATION AND CONFIGURATION for further
645		information.
646TLS_EC		Enable use of elliptic curve cryptography in STARTTLS.
647		If set to 2 sendmail uses SSL_CTX_set_ecdh_auto(),
648		if set to 1 it selects the NID_X9_62_prime256v1 curve
649		(created via EC_KEY_new_by_curve_name()) and uses
650		SSL_CTX_set_tmp_ecdh().
651		Support offered by different TLS libraries varies
652		greatly: some old versions do not support elliptic curve
653		cryptography at all, some new versions have it enabled
654		by default (i.e., no need to set TLS_EC at all), while
655		others may require one of the above settings.
656TLS_NO_RSA	Turn off support for RSA algorithms in STARTTLS.
657MILTER		Turn on support for external filters using the Milter API;
658		this option is set by default, to turn it off use
659			APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=0')
660		in devtools/Site/site.config.m4 (see devtools/README).
661		See libmilter/README for more information about milter.
662REQUIRES_DIR_FSYNC	Turn on support for file systems that require to
663		call fsync() for a directory if the meta-data in it has
664		been changed.  This should be turned on at least for older
665		versions of ReiserFS; it is enabled by default for Linux.
666		According to some information this flag is not needed
667		anymore for kernel 2.4.16 and newer.  We would appreciate
668		feedback about the semantics of the various file systems
669		available for Linux.
670		An alternative to this compile time flag is to mount the
671		queue directory without the -async option, or using
672		chattr +S on Linux.
673DBMMODE		The default file permissions to use when creating new
674		database files for maps and aliases.  Defaults to 0640.
675IPV6_FULL	Use uncompressed IPv6 addresses (set by default).  This
676		permits a zero subnet to have a more specific match,
677		such as different map entries for IPv6:0:0 vs IPv6:0.
678
679Generic notice: If you enable a compile time option that needs
680libraries or include files that don't come with sendmail or are
681installed in a location that your C compiler doesn't use by default
682you should set confINCDIRS and confLIBDIRS as explained in the
683first section:  BUILDING SENDMAIL.
684
685
686+---------------------+
687| DNS/RESOLVER ISSUES |
688+---------------------+
689
690Many systems have old versions of the resolver library.  At a minimum,
691you should be running BIND 4.8.3; older versions may compile, but they
692have known bugs that should give you pause.
693
694Common problems in old versions include "undefined" errors for
695dn_skipname.
696
697Some people have had a problem with BIND 4.9; it uses some routines
698that it expects to be externally defined such as strerror().  It may
699help to link with "-l44bsd" to solve this problem.  This has apparently
700been fixed in later versions of BIND, starting around 4.9.3.  In other
701words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or
702later versions, you do not.
703
704!PLEASE! be sure to link with the same version of the resolver as
705the header files you used -- some people have used the 4.9 headers
706and linked with BIND 4.8 or vice versa, and it doesn't work.
707Unfortunately, it doesn't fail in an obvious way -- things just
708subtly don't work.
709
710WILDCARD MX RECORDS ARE A BAD IDEA!  The only situation in which they
711work reliably is if you have two versions of DNS, one in the real world
712which has a wildcard pointing to your firewall, and a completely
713different version of the database internally that does not include
714wildcard MX records that match your domain.  ANYTHING ELSE WILL GIVE
715YOU HEADACHES!
716
717When attempting to canonify a hostname, some broken name servers will
718return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.  If you
719want to excuse this behavior, include WorkAroundBrokenAAAA in
720ResolverOptions.  However, instead, we recommend catching the problem and
721reporting it to the name server administrator so we can rid the world of
722broken name servers.
723
724
725+----------------------------------------+
726| STARTTLS COMPILATION AND CONFIGURATION |
727+----------------------------------------+
728
729Please read the documentation accompanying the OpenSSL library.  You
730have to compile and install the OpenSSL libraries before you can compile
731sendmail.  See devtools/README how to set the correct compile time
732parameters; you should at least set the following variables:
733
734APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
735APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
736
737If you have installed the OpenSSL libraries and include files in
738a location that your C compiler doesn't use by default you should
739set confINCDIRS and confLIBDIRS as explained in the first section:
740BUILDING SENDMAIL.
741
742Configuration information can be found in doc/op/op.me (required
743certificates) and cf/README (how to tell sendmail about certificates).
744
745To perform an initial test, connect to your sendmail daemon
746(telnet localhost 25) and issue a EHLO localhost and see whether
747250-STARTTLS
748is in the response.  If it isn't, run the daemon with
749-O LogLevel=14
750and try again.  Then take a look at the logfile and see whether
751there are any problems listed about permissions (unsafe files)
752or the validity of X.509 certificates.
753
754From: Garrett Wollman <wollman@lcs.mit.edu>
755
756    If your certificate authority is hierarchical, and you only include
757    the top-level CA certificate in the CACertFile file, some mail clients
758    may be unable to infer the proper certificate chain when selecting a
759    client certificate.  Including the bottom-level CA certificate(s) in
760    the CACertFile file will allow these clients to work properly.  This
761    is not necessary if you are not using client certificates for
762    authentication, or if all your clients are running Sendmail or other
763    programs using the OpenSSL library (which get it right automatically).
764    In addition, some mail clients are totally incapable of using
765    certificate authentication -- even some of those which already support
766    SSL/TLS for confidentiality.
767
768
769+------------------------------------+
770| SASL COMPILATION AND CONFIGURATION |
771+------------------------------------+
772
773Please read the documentation accompanying the Cyrus SASL library
774(INSTALL and README, especially about Sendmail.conf).  If you use
775Berkeley DB for Cyrus SASL then you must compile sendmail with the
776same version of Berkeley DB.  See devtools/README for how to set
777the correct compile time parameters; you should at least set the
778following variables:
779
780APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL=2')
781APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
782
783If you have installed the Cyrus SASL library and include files in
784a location which your C compiler doesn't use by default you should
785set confINCDIRS and confLIBDIRS as explained in the first section:
786BUILDING SENDMAIL.
787
788You have to select and install authentication mechanisms and tell
789sendmail where to find the sasl library and the include files (see
790devtools/README for the parameters to set).  Set up the required
791users and passwords as explained in the SASL documentation.  See
792also cf/README for authentication related options (especially
793"Providing SMTP AUTH Data when sendmail acts as Client"
794if you want authentication between MTAs).
795
796To perform an initial test, connect to your sendmail daemon
797(telnet localhost 25) and issue a EHLO localhost and see whether
798250-AUTH ....
799is in the response.  If it isn't, run the daemon with
800-O LogLevel=14
801and try again.  Then take a look at the logfile and see whether
802there are any security related problems listed (unsafe files).
803
804
805+-------------------------------------+
806| OPERATING SYSTEM AND COMPILE QUIRKS |
807+-------------------------------------+
808
809GCC problems
810	When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
811		too (see include/sm/cdefs.h for more info).
812
813	*****************************************************************
814	**  IMPORTANT:  DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE    **
815	**  RUNNING GCC 2.4.x or 2.5.x.  THERE IS A BUG IN THE GCC     **
816	**  OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
817	*****************************************************************
818
819	Jim Wilson of Cygnus believes he has found the problem -- it will
820	probably be fixed in GCC 2.5.6 -- but until this is verified, be
821	very suspicious of gcc -O.  This problem is reported to have been
822	fixed in gcc 2.6.
823
824	A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with
825	optimization on a Sparc.  If you are using gcc 2.5.5, youi should
826	upgrade to the latest version of gcc.
827
828	Apparently GCC 2.7.0 on the Pentium processor has optimization
829	problems.  I recommend against using -O on that architecture.  This
830	has been seen on FreeBSD 2.0.5 RELEASE.
831
832	Solaris 2.X users should use version 2.7.2.3 over 2.7.2.
833
834	We have been told there are problems with gcc 2.8.0.  If you are
835	using this version, you should upgrade to 2.8.1 or later.
836
837Berkeley DB
838	Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
839	You need at least 4.1.25.
840
841GDBM	GDBM does not work with sendmail because the additional
842	security checks and file locking cause problems.  Unfortunately,
843	gdbm does not provide a compile flag in its version of ndbm.h so
844	the code can adapt.  Until the GDBM authors can fix these problems,
845	GDBM will not be supported.  Please use Berkeley DB instead.
846
847Configuration file location
848	Up to 8.6, sendmail tried to find the sendmail.cf file in the same
849	place as the vendors had put it, even when this was obviously
850	stupid.  As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
851	Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
852	You can get sendmail to use the stupid vendor .cf location by
853	adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
854	support programs and scripts that need to find sendmail.cf.  You
855	are STRONGLY urged to use symbolic links if you want to use the
856	vendor location rather than changing the location in the sendmail
857	binary.
858
859	NETINFO systems use NETINFO to determine the location of
860	sendmail.cf.  The full path to sendmail.cf is stored as the value of
861	the "sendmail.cf" property in the "/locations/sendmail"
862	subdirectory of NETINFO.  Set the value of this property to
863	"/etc/mail/sendmail.cf" (without the quotes) to use this new
864	default location for Sendmail 8.10.0 and higher.
865
866ControlSocket permissions
867	Paraphrased from BIND 8.2.1's README:
868
869	Solaris and other pre-4.4BSD kernels do not respect ownership or
870	protections on UNIX-domain sockets.  The short term fix for this is to
871	override the default path and put such control sockets into root-
872	owned directories which do not permit non-root to r/w/x through them.
873	The long term fix is for all kernels to upgrade to 4.4BSD semantics.
874
875HP MPE/iX
876	The MPE-specific code within sendmail emulates a set-user-id root
877	environment for the sendmail binary.  But there is no root uid 0 on
878	MPE, nor is there any support for set-user-id programs.  Even when
879	sendmail thinks it is running as uid 0, it will still have the file
880	access rights of the underlying non-zero uid, but because sendmail is
881	an MPE priv-mode program it will still be able to call setuid() to
882	successfully switch to a new uid.
883
884	MPE setgid() semantics don't quite work the way sendmail expects, so
885	special emulation is done here also.
886
887	This uid/gid emulation is enabled via the setuid/setgid file mode bits
888	which are not currently used by MPE.  Code in libsm/mpeix.c examines
889	these bits and enables emulation if they have been set, i.e.,
890	chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL.
891
892SunOS 4.x (Solaris 1.x)
893	You may have to use -lresolv on SunOS.  However, beware that
894	this links in a new version of gethostbyname that does not
895	understand NIS, so you must have all of your hosts in DNS.
896
897	Some people have reported problems with the SunOS version of
898	-lresolv and/or in.named, and suggest that you get a newer
899	version.  The symptoms are delays when you connect to the
900	SMTP server on a SunOS machine or having your domain added to
901	addresses inappropriately.  There is a version of BIND
902	version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
903
904	There is substantial disagreement about whether you can make
905	this work with resolv+, which allows you to specify a search-path
906	of services.  Some people report that it works fine, others
907	claim it doesn't work at all (including causing sendmail to
908	drop core when it tries to do multiple resolv+ lookups for a
909	single job).  I haven't tried resolv+, as we use DNS exclusively.
910
911	Should you want to try resolv+, it is on ftp.uu.net in
912	/networking/ip/dns.
913
914	Apparently getservbyname() can fail under moderate to high
915	load under some circumstances.  This will exhibit itself as
916	the message ``554 makeconnection: service "smtp" unknown''.
917	The problem has been traced to one or more blank lines in
918	/etc/services on the NIS server machine.  Delete these
919	and it should work.  This info is thanks to Brian Bartholomew
920	<bb@math.ufl.edu> of I-Kinetics, Inc.
921
922	NOTE: The SunOS 4.X linker uses library paths specified during
923	compilation using -L for run-time shared library searches.
924	Therefore, it is vital that relative and unsafe directory paths not
925	be used when compiling sendmail.
926
927SunOS 4.0.2 (Sun 386i)
928	Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
929	From: teus@oce.nl
930
931	Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the
932	following changes:
933	* Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
934	  available as "uname" command.
935	* Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
936	  devtools/OS/SunOS.4.0, which is selected via the "uname" command.
937	I recommend to make available the db-library on the system first
938	(and change the Makefile to use this library).
939	Note that the sendmail.cf and aliases files are found in /etc.
940
941SunOS 4.1.3, 4.1.3_U1
942	Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1.  According
943	to Sun bug number 1077939:
944
945	If an application does a getsockopt() on a SOCK_STREAM (TCP) socket
946	after the other side of the connection has sent a TCP RESET for
947	the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or
948	ip_ctloutput() routine.
949
950	For 4.1.3, this is fixed in patch 100584-08, available on the
951	Sunsolve 2.7.1 or later CDs.  For 4.1.3_U1, this was fixed in patch
952	101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later
953	obsoleted by patch 102010-05.
954
955	Sun patch 100584-08 is not currently publicly available on their
956	ftp site but a user has reported it can be found at other sites
957	using a web search engine.
958
959Solaris 2.x (SunOS 5.x)
960	To compile for Solaris, the Makefile built by Build must
961	include a SOLARIS definition which reflects the Solaris version
962	(i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1).
963	If you are using gcc, make sure -I/usr/include is not used (or
964	it might complain about TopFrame).  If you are using Sun's cc,
965	make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
966	(or it might complain about tm_zone).
967
968	The Solaris 2.x (x <= 3) "syslog" function is apparently limited
969	to something about 90 characters because of a kernel limitation.
970	If you have source code, you can probably up this number.  You
971	can get patches that fix this problem:  the patch ids are:
972
973		Solaris 2.1	100834
974		Solaris 2.2	100999
975		Solaris 2.3	101318
976
977	Be sure you have the appropriate patch installed or you won't
978	see system logging.
979
980Solaris 2.4 (SunOS 5.4)
981	If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
982	the risk of getting the wrong libraries under some circumstances.
983	This is because of a new feature in Solaris 2.4, described by
984	Rod.Evans@Eng.Sun.COM:
985
986	>> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
987	>> runtime linker if the application was setxid (secure), thus your
988	>> applications search path would be:
989	>>
990	>>	/usr/local/lib	LD_LIBRARY_PATH component - IGNORED
991	>>	/usr/lib	LD_LIBRARY_PATH component - IGNORED
992	>>	/usr/local/lib	RPATH - honored
993	>>	/usr/lib	RPATH - honored
994	>>
995	>> the effect is that path 3 would be the first used, and this would
996	>> satisfy your resolv.so lookup.
997	>>
998	>> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
999	>> People who developed setxid applications wanted to be able to alter
1000	>> the library search path to some degree to allow for their own
1001	>> testing and debugging mechanisms.  It was decided that the only
1002	>> secure way to do this was to allow a `trusted' path to be used in
1003	>> LD_LIBRARY_PATH.  The only trusted directory we presently define
1004	>> is /usr/lib.  Thus a set-user-ID root developer could play with some
1005	>> alternative shared object implementations and place them in
1006	>> /usr/lib (being root we assume they'ed have access to write in this
1007	>> directory).  This change was made as part of 1155380 - after a
1008	>> *huge* amount of discussion regarding the security aspect of things.
1009	>>
1010	>> So, in SunOS 5.4 your applications search path would be:
1011	>>
1012	>>	/usr/local/lib	from LD_LIBRARY_PATH - IGNORED (untrustworthy)
1013	>>	/usr/lib	from LD_LIBRARY_PATH - honored (trustworthy)
1014	>>	/usr/local/lib	from RPATH - honored
1015	>>	/usr/lib	from RPATH - honored
1016	>>
1017	>> here, path 2 would be the first used.
1018
1019Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
1020	Apparently Solaris 2.5.1 patch 103663-01 installs a new
1021	/usr/include/resolv.h file that defines the __P macro without
1022	checking to see if it is already defined.  This new resolv.h is also
1023	included in the Solaris 2.6 distribution.  This causes compile
1024	warnings such as:
1025
1026	   In file included from daemon.c:51:
1027	   /usr/include/resolv.h:208: warning: `__P' redefined
1028	   cdefs.h:58: warning: this is the location of the previous definition
1029
1030	These warnings can be safely ignored or you can create a resolv.h
1031	file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads:
1032
1033	   #undef __P
1034	   #include "/usr/include/resolv.h"
1035
1036	This problem was fixed in Solaris 7 (Sun bug ID 4081053).
1037
1038Solaris 7 (SunOS 5.7)
1039	Solaris 7 includes LDAP libraries but the implementation was
1040	lacking a few things.  The following settings can be placed in
1041	devtools/Site/site.SunOS.5.7.m4 if you plan on using those
1042	libraries.
1043
1044	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1045	APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
1046	APPENDDEF(`confLIBS', `-lldap')
1047
1048	Also, Sun's patch 107555 is needed to prevent a crash in the call
1049	to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
1050	LDAP support is compiled in sendmail.
1051
1052Solaris 8 and later (SunOS 5.8 and later)
1053	Solaris 8 and later can optionally install LDAP support.  If you
1054	have installed the Entire Distribution meta-cluster, you can use
1055	the following in devtools/Site/site.SunOS.5.8.m4 (or other
1056	appropriately versioned file) to enable LDAP:
1057
1058	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1059	APPENDDEF(`confLIBS', `-lldap')
1060
1061Solaris 9 and later (SunOS 5.9 and later)
1062	Solaris 9 and later have a revised LDAP library, libldap.so.5,
1063	which is derived from a Netscape implementation, thus requiring
1064	that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP:
1065
1066	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1067	APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE')
1068	APPENDDEF(`confLIBS', `-lldap')
1069
1070Solaris
1071	If you are using dns for hostname resolution on Solaris, make sure
1072	that the 'dns' entry is last on the hosts line in
1073	'/etc/nsswitch.conf'.  For example, use:
1074
1075		hosts:	nisplus files dns
1076
1077	Do not use:
1078
1079		hosts:  nisplus dns [NOTFOUND=return] files
1080
1081	Note that 'nisplus' above is an illustration.  The same comment
1082	applies no matter what naming services you are using.  If you have
1083	anything other than dns last, even after "[NOTFOUND=return]",
1084	sendmail may not be able to determine whether an error was
1085	temporary or permanent.  The error returned by the solaris
1086	gethostbyname() is the error for the last lookup used, and other
1087	naming services do not have the same concept of temporary failure.
1088
1089Ultrix
1090	By default, the IDENT protocol is turned off on Ultrix.  If you
1091	are running Ultrix 4.4 or later, or if you have included patch
1092	CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
1093	IDENT on in the configuration file by setting the "ident" timeout.
1094
1095	The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
1096	included in libc.a.  Unfortunately, the __RES symbol hasn't changed
1097	and therefore, sendmail can no longer automatically detect the
1098	newer version.  If you get a compiler error:
1099
1100	/lib/libc.a(gethostent.o): local_hostname_length: multiply defined
1101
1102	Then rebuild with this in devtools/Site/site.ULTRIX.m4:
1103
1104	APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
1105
1106Digital UNIX (formerly DEC OSF/1)
1107	If you are compiling on OSF/1 (DEC Alpha), you must use
1108	-L/usr/shlib (otherwise it core dumps on startup).  You may also
1109	need -mld to get the nlist() function, although some versions
1110	apparently don't need this.
1111
1112	Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
1113	it, just create the link to the sendmail binary.
1114
1115	On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work
1116	properly due to a bug in the getpw* routines.  If you want to use
1117	this, use -DDEC_OSF_BROKEN_GETPWENT=1.  The problem is fixed in 3.2C.
1118
1119	Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will
1120	only preserve the envelope sender in the "From " header if
1121	DefaultUserID is set to daemon.  Setting this to mailnull will
1122	cause all mail to have the header "From mailnull ...".  To use
1123	a different DefaultUserID, you will need to use a different mail
1124	delivery agent (such as mail.local found in the sendmail
1125	distribution).
1126
1127	On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the
1128	operating system and already has the ndbm.o module removed.  However,
1129	Digital has modified the original Berkeley DB db.h include file.
1130	This results in the following warning while compiling map.c and udb.c:
1131
1132	cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro
1133	 "__signed" conflicts with a current definition because the replacement
1134	 lists differ.  The redefinition is now in effect.
1135	#define __signed        signed
1136	------------------------^
1137
1138	This warning can be ignored.
1139
1140	Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/.
1141	If you have installed a new version of BIND in /usr/include
1142	and /usr/lib, you will experience difficulties as Digital ships
1143	libresolv.a in /usr/ccs/lib/ as well.  Be sure to replace both
1144	copies of libresolv.a.
1145
1146IRIX
1147	The header files on SGI IRIX are completely prototyped, and as
1148	a result you can sometimes get some warning messages during
1149	compilation.  These can be ignored.  There are two errors in
1150	deliver only if you are using gcc, both of the form ``warning:
1151	passing arg N of `execve' from incompatible pointer type''.
1152	Also, if you compile with -DNIS, you will get a complaint
1153	about a declaration of struct dom_binding in a prototype
1154	when compiling map.c; this is not important because the
1155	function being prototyped is not used in that file.
1156
1157	In order to compile sendmail you will have had to install
1158	the developers' option in order to get the necessary include
1159	files.
1160
1161	If you compile with -lmalloc (the fast memory allocator), you may
1162	get warning messages such as the following:
1163
1164	   ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so
1165		preempts that definition in /usr/lib32/mips3/libc.so.
1166	   ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so
1167		preempts that definition in /usr/lib32/mips3/libc.so.
1168	   ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so
1169		preempts that definition in /usr/lib32/mips3/libc.so.
1170	   ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so
1171		preempts that definition in /usr/lib32/mips3/libc.so.
1172	   ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so
1173		preempts that definition in /usr/lib32/mips3/libc.so.
1174
1175	These are unavoidable and innocuous -- just ignore them.
1176
1177IRIX 6.x
1178	If you are using XFS filesystem, avoid using the -32 ABI switch to
1179	the cc compiler if possible.
1180
1181	Broken inet_aton and inet_ntoa on IRIX using gcc: There's
1182	a problem with gcc on IRIX, i.e., gcc can't pass structs
1183	less than 16 bits long unless they are 8 bits; IRIX 6.2 has
1184	some other sized structs.  See
1185	http://www.bitmechanic.com/mail-archives/mysql/current/0418.html
1186	This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1
1187	is reported as broken.  Check your gcc version for this bug
1188	before installing sendmail.
1189
1190IRIX 6.4
1191	The IRIX 6.5.4 version of /bin/m4 does not work properly with
1192	sendmail.  Either install fw_m4.sw.m4 off the Freeware_May99 CD and
1193	use /usr/freeware/bin/m4 or install and use GNU m4.
1194
1195NeXT or NEXTSTEP
1196	NEXTSTEP 3.3 and earlier ship with the old DBM library.  Also,
1197	Berkeley DB does not currently run on NEXTSTEP.
1198
1199	If you are compiling on NEXTSTEP, you will have to create an
1200	empty file "unistd.h" and create a file "dirent.h" containing:
1201
1202		#include <sys/dir.h>
1203		#define dirent	direct
1204
1205	(devtools/OS/NeXT should try to do both of these for you.)
1206
1207	Apparently, there is a bug in getservbyname on Nextstep 3.0
1208	that causes it to fail under some circumstances with the
1209	message "SYSERR: service "smtp" unknown" logged.  You should
1210	be able to work around this by including the line:
1211
1212		OOPort=25
1213
1214	in your .cf file.
1215
1216BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
1217	The "m4" from BSDI won't handle the config files properly.
1218	I haven't had a chance to test this myself.
1219
1220	The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
1221	files properly.  One must use either GNU m4 1.1 or the PD-M4
1222	recently posted in comp.os.386bsd.bugs (and maybe others).
1223	NetBSD-current includes the PD-M4 (as stated in the NetBSD file
1224	CHANGES).
1225
1226	FreeBSD 1.0 RELEASE has uname(2) now.  Use -DUSEUNAME in order to
1227	use it (look into devtools/OS/FreeBSD).  NetBSD-current may have
1228	it too but it has not been verified.
1229
1230	The latest version of Berkeley DB uses a different naming
1231	scheme than the version that is supplied with your release.  This
1232	means you will be able to use the current version of Berkeley DB
1233	with sendmail as long you use the new db.h when compiling
1234	sendmail and link it against the new libdb.a or libdb.so.  You
1235	should probably keep the original db.h in /usr/include and the
1236	new db.h in /usr/local/include.
1237
12384.3BSD
1239	If you are running a "virgin" version of 4.3BSD, you'll have
1240	a very old resolver and be missing some header files.  The
1241	header files are simple -- create empty versions and everything
1242	will work fine.  For the resolver you should really port a new
1243	version (4.8.3 or later) of the resolver; 4.9 is available on
1244	gatekeeper.DEC.COM in pub/BSD/bind/4.9.  If you are really
1245	determined to continue to use your old, buggy version (or as
1246	a shortcut to get sendmail working -- I'm sure you have the
1247	best intentions to port a modern version of BIND), you can
1248	copy ../contrib/oldbind.compat.c into sendmail and add the
1249	following to devtools/Site/site.config.m4:
1250
1251	APPENDDEF(`confOBJADD', `oldbind.compat.o')
1252
1253OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE)
1254	m4 from *BSD won't handle libsm/Makefile.m4 properly, since the
1255	maximum length for strings is too short.  You need to use GNU m4
1256	or patch m4, see for example:
1257  http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12
1258
1259A/UX
1260	Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
1261	From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
1262	Subject: Fix for A/UX ndbm
1263
1264	I guess this isn't really a sendmail bug, however, it is something
1265	that A/UX users should be aware of when compiling sendmail 8.6.
1266
1267	Apparently, the calls that sendmail is using to the ndbm routines
1268	in A/UX 3.0.x contain calls to "broken" routines, in that the
1269	aliases database will break when it gets "just a little big"
1270	(sorry I don't have exact numbers here, but it broke somewhere
1271	around 20-25 aliases for me.), making all aliases non-functional
1272	after exceeding this point.
1273
1274	What I did was to get the gnu-dbm-1.6 package, compile it, and
1275	then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
1276	ndbm.h header file that comes with the gnu-package.  This makes
1277	things behave properly.
1278	  [NOTE: see comment above about GDBM]
1279
1280	I suppose porting the New Berkeley DB package is another route,
1281	however, I made a quick attempt at it, and found it difficult
1282	(not easy at least); the gnu-dbm package "configured" and
1283	compiled easily.
1284
1285	  [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for
1286	  database maps.]
1287
1288SCO Unix
1289	From: Thomas Essebier <tom@stallion.oz.au>
1290	Organisation:  Stallion Technologies Pty Ltd.
1291
1292	It will probably help those who are trying to configure sendmail 8.6.9
1293	to know that if they are on SCO, they had better set
1294		OI-dnsrch
1295	or they will core dump as soon as they try to use the resolver.
1296	i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3,
1297	it does not inititialise it, nor does it understand 'search' in
1298	/etc/named.boot.
1299		- sigh -
1300
1301	According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
1302	We recommend installing GNU m4 before attempting to build sendmail.
1303
1304	On some versions a bogus error value is listed if connections
1305	time out (large negative number).  To avoid this explicitly set
1306	Timeout.connect to a reasonable value (several minutes).
1307
1308DG/UX
1309	Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
1310	V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
1311	Originally, the DG /bin/mail program wasn't compatible with
1312	the V8 sendmail, since the DG /bin/mail requires the environment
1313	variable "_FORCE_MAIL_LOCAL_=yes" be set.  Version 8.7 now includes
1314	this in the environment before invoking the local mailer.  Some
1315	have used procmail to avoid this problem in the past.  It works
1316	but some have experienced file locking problems with their DG/UX
1317	ports of procmail.
1318
1319Apollo DomainOS
1320	If you are compiling on Apollo, you will have to create an empty
1321	file "unistd.h" (for DomainOS 10.3 and earlier) and create a file
1322	"dirent.h" containing:
1323
1324		#include <sys/dir.h>
1325		#define dirent	direct
1326
1327	(devtools/OS/DomainOS will attempt to do both of these for you.)
1328
1329HP-UX 8.00
1330	Date: Mon, 24 Jan 1994 13:25:45 +0200
1331	From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
1332	Subject: 8.6.5 w/ HP-UX 8.00 on s300
1333
1334	Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e.,
1335	a series 300 machine) running HP-UX 8.00.
1336
1337	I was getting segmentation fault when delivering to a local user.
1338	With debugging I saw it was faulting when doing _free@libc... *sigh*
1339	It seems the new implementation of malloc on s300 is buggy as of 8.0,
1340	so I tried out the one in -lmalloc (malloc(3X)).  With that it seems
1341	to work just dandy.
1342
1343	When linking, you will get the following error:
1344
1345	ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
1346
1347	but you can just ignore it.  You might want to add this info to the
1348	README file for the future...
1349
1350Linux
1351	Something broke between versions 0.99.13 and 0.99.14 of Linux: the
1352	flock() system call gives errors.  If you are running .14, you must
1353	not use flock.  You can do this with -DHASFLOCK=0.  We have also
1354	been getting complaints since version 2.4.X was released.
1355	sendmail 8.13 has changed the default locking method to fcntl()
1356	for Linux kernel version 2.4 and later.  Be sure to update other
1357	sendmail related programs to match locking techniques (some
1358	examples, besides makemap and mail.local, include procmail, mailx,
1359	mutt, elm, etc).
1360
1361	Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the
1362	initialization of the _res structure changed.  If /etc/hosts.conf
1363	was configured as "hosts, bind" the resolver code could return
1364	"Name server failure" errors.  This is supposedly fixed in
1365	later versions of libc (>= 4.6.29?), and later versions of
1366	sendmail (> 8.6.10) try to work around the problem.
1367
1368	Some older versions (< 4.6.20?) of the libc/include files conflict
1369	with sendmail's version of cdefs.h.  Deleting sendmail's version
1370	on those systems should be non-harmful, and new versions don't care.
1371
1372	NOTE ON LINUX & BIND:  By default, the Makefile generated for Linux
1373	includes header files in /usr/local/include and libraries in
1374	/usr/local/lib.  If you've installed BIND on your system, the header
1375	files typically end up in the search path and you need to add
1376	"-lresolv" to the LIBS line in your Makefile.  Really old versions
1377	may need to include "-l44bsd" as well (particularly if the link phase
1378	complains about missing strcasecmp, strncasecmp or strpbrk).
1379	Complaints about an undefined reference to `__dn_skipname' in
1380	domain.o are a sure sign that you need to add -lresolv to LIBS.
1381	Newer versions of Linux are basically threaded BIND, so you may or
1382	may not see complaints if you accidentally mix BIND
1383	headers/libraries with virginal libc.  If you have BIND headers in
1384	/usr/local/include (resolv.h, etc) you *should* be adding -lresolv
1385	to LIBS.  Data structures may change and you'd be asking for a
1386	core dump.
1387
1388	A number of problems have been reported regarding the Linux 2.2.0
1389	kernel.  So far, these problems have been tracked down to syslog()
1390	and DNS resolution.  We believe the problem is with the poll()
1391	implementation in the Linux 2.2.0 kernel and poll()-aware versions
1392	of glib (at least up to 2.0.111).
1393
1394glibc
1395	glibc 2.2.1 (and possibly other versions) changed the value of
1396	__RES in resolv.h but failed to actually provide the IPv6 API
1397	changes that the change implied.  Therefore, compiling with
1398	-DNETINET6 fails.
1399
1400	Workarounds:
1401	1) Compile without -DNETINET6
1402	2) Build against a real BIND 8.2.2 include/lib tree
1403	3) Wait for glibc to fix it
1404
1405AIX 4.X
1406	The AIX 4.X linker uses library paths specified during compilation
1407	using -L for run-time shared library searches.  Therefore, it is
1408	vital that relative and unsafe directory paths not be using when
1409	compiling sendmail.  Because of this danger, by default, compiles
1410	on AIX use the -blibpath option to limit shared libraries to
1411	/usr/lib and /lib.  If you need to allow more directories, such as
1412	/usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
1413	site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
1414	appropriately.  For example:
1415
1416	define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
1417
1418	Be sure to only add (safe) system directories.
1419
1420	The AIX version of GNU ld also exhibits this problem.  If you are
1421	using that version, instead of -blibpath, use its -rpath option.
1422	For example:
1423
1424	gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
1425
1426AIX 4.X	If the test program t-event (and most others) in libsm fails,
1427	check your compiler settings.  It seems that the flags -qnoro or
1428	-qnoroconst on some AIX versions trigger a compiler bug.  Check
1429	your compiler settings or use cc instead of xlc.
1430
1431AIX 4.0-4.2, maybe some AIX 4.3 versions
1432	The AIX m4 implements a different mechanism for ifdef which is
1433	inconsistent with other versions of m4.  Therefore, it will not
1434	work properly with the sendmail Build architecture or m4
1435	configuration method.  To work around this problem, please use
1436	GNU m4 from ftp://ftp.gnu.org/pub/gnu/.
1437	The problem seems to be solved in AIX 4.3.3 at least.
1438
1439AIX 4.3.3
1440	From: Valdis.Kletnieks@vt.edu
1441	Date: Sun, 02 Jul 2000 03:58:02 -0400
1442
1443	Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
1444	BIND 8.2.2 security holes, you can no longer build with  -DNETINET6
1445	because they changed the value of __RES in resolv.h but failed to
1446	actually provide the API changes that the change implied.
1447
1448	Workarounds:
1449	1) Compile without -DNETINET6
1450	2) Build against a real BIND 8.2.2 include/lib tree
1451	3) Wait for IBM to fix it
1452
1453AIX 3.x
1454	This version of sendmail does not support MB, MG, and MR resource
1455	records, which are supported by AIX sendmail.
1456
1457	Several people have reported that the IBM-supplied named returns
1458	fairly random results -- the named should be replaced.  It is not
1459	necessary to replace the resolver, which will simplify installation.
1460	A new BIND resolver can be found at http://www.isc.org/isc/.
1461
1462AIX 3.1.x
1463	The supplied load average code only works correctly for AIX 3.2.x.
1464	For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor''
1465	package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the
1466	directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd
1467	daemon, and the getloadavg subroutine supplied with that package.
1468	If you don't care about load average throttling, just turn off
1469	load average checking using -DLA_TYPE=LA_ZERO.
1470
1471RISC/os
1472	RISC/os from MIPS is a merged AT&T/Berkeley system.  When you
1473	compile on that platform you will get duplicate definitions
1474	on many files.  You can ignore these.
1475
1476System V Release 4 Based Systems
1477	There is a single devtools OS that is intended for all SVR4-based
1478	systems (built from devtools/OS/SVR4).  It defines __svr4__,
1479	which is predefined by some compilers.  If your compiler already
1480	defines this compile variable, you can delete the definition from
1481	the generated Makefile or create a devtools/Site/site.config.m4
1482	file.
1483
1484	It's been tested on Dell Issue 2.2.
1485
1486DELL SVR4
1487	Date:      Mon, 06 Dec 1993 10:42:29 EST
1488	From: "Kimmo Suominen" <kim@grendel.lut.fi>
1489	Message-ID: <2d0352f9.lento29@lento29.UUCP>
1490	To: eric@cs.berkeley.edu
1491	Cc: sendmail@cs.berkeley.edu
1492	Subject:   Notes for DELL SVR4
1493
1494	Eric,
1495
1496	Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4.  I ran
1497	across these things when helping out some people who contacted me by
1498	e-mail.
1499
1500	1) Use gcc 2.4.5 (or later?).  Dell distributes gcc 2.1 with their
1501	   Issue 2.2 Unix.  It is too old, and gives you problems with
1502	   clock.c, because sigset_t won't get defined in <sys/signal.h>.
1503	   This is due to a problematic protection rule in there, and is
1504	   fixed with gcc 2.4.5.
1505
1506	2) If you don't use the new Berkeley DB (-DNEWDB), then you need
1507	   to add "-lc -lucb" to the libraries to link with.  This is because
1508	   the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
1509	   functions.  It is important that you specify both libraries in
1510	   the given order to be sure you only get the BSTRING functions
1511	   from the UCB library (and not the signal routines etc.).
1512
1513	3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
1514	   The UCB library also has another copy of the nlist routines,
1515	   but we do want the ones from "-lelf".
1516
1517	If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
1518	can use anonymous ftp to fetch them from lut.fi in the /kim directory.
1519	They are copies of what I use on grendel.lut.fi, and offering them
1520	does not imply that I would also support them.  I have sent the DB
1521	port for SVR4 back to Keith Bostic for inclusion in the official
1522	distribution, but I haven't heard anything from him as of today.
1523
1524	- gcc-2.4.5-svr4.tar.gz	(gcc 2.4.5 and the corresponding libg++)
1525	- db-1.72.tar.gz	(with source, objects and a installed copy)
1526
1527	Cheers
1528	+ Kim
1529	--
1530	 *  Kimmo.Suominen@lut.fi  *  SysVr4 enthusiast at GRENDEL.LUT.FI  *
1531	*    KIM@FINFILES.BITNET   *  Postmaster and Hostmaster at LUT.FI   *
1532	 *    + 358 200 865 718    *  Unix area moderator at NIC.FUNET.FI  *
1533
1534ConvexOS 10.1 and below
1535	In order to use the name server, you must create the file
1536	/etc/use_nameserver.  If this file does not exist, the call
1537	to res_init() will fail and you will have absolutely no
1538	access to DNS, including MX records.
1539
1540Amdahl UTS 2.1.5
1541	In order to get UTS to work, you will have to port BIND 4.9.
1542	The vendor's BIND is reported to be ``totally inadequate.''
1543	See sendmail/contrib/AmdahlUTS.patch for the patches necessary
1544	to get BIND 4.9 compiled for UTS.
1545
1546UnixWare
1547	According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
1548	the m4 on UnixWare 2.0 (still in Beta) will core dump on the
1549	config files.  GNU m4 and the m4 from UnixWare 1.x both work.
1550
1551	According to Larry Rosenman <ler@lerami.lerctr.org>:
1552
1553		UnixWare 2.1.[23]'s m4 chokes (not obviously) when
1554		processing the 8.9.0 cf files.
1555
1556		I had a LOCAL_RULE_0 that wound up AFTER the
1557		SBasic_check_rcpt rules using the SCO supplied M4.
1558		GNU M4 works fine.
1559
1560UNICOS 8.0.3.4
1561	Some people have reported that the -O flag on UNICOS can cause
1562	problems.  You may want to turn this off if you have problems
1563	running sendmail.  Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
1564
1565Darwin/Mac OS X (10.X.X)
1566	The linker errors produced regarding getopt() and its associated
1567	variables can safely be ignored.
1568
1569	From Mike Zimmerman <zimmy@torrentnet.com>:
1570
1571	From scratch here is what Darwin users need to do to the standard
1572	10.0.0, 10.0.1 install to get sendmail working.
1573	1. chmod g-w / /private /private/etc
1574	2. Properly set HOSTNAME in /etc/hostconfig to your FQDN:
1575	   HOSTNAME=-my.domain.com-
1576	3. Edit /etc/rc.boot:
1577	   hostname my.domain.com
1578	   domainname domain.com
1579	4. Edit /System/Library/StartupItems/Sendmail/Sendmail:
1580	   Remove the "&" after the sendmail command:
1581	   /usr/sbin/sendmail -bd -q1h
1582
1583	From Carsten Klapp <carsten.klapp@home.com>:
1584
1585	The easiest workaround is to remove the group-writable permission
1586	for the root directory and the symbolic /etc inherits this
1587	change. While this does fix sendmail, the unfortunate side-effect
1588	is the OS X admin will no longer be able to manipulate icons in the
1589	top level of the Startup disk unless logged into the GUI as the
1590	superuser.
1591
1592	In applying the alternate workaround, care must be taken while
1593	swapping the symlink /etc with the directory /private/etc. In all
1594	likelihood any admin who is concerned with this sendmail error has
1595	enough experience to not accidentally harm anything in the process.
1596
1597	a. Swap the /etc symlink with /private/etc (as superuser):
1598	   rm /etc
1599	   mv /private/etc /etc
1600	   ln -s /etc /private/etc
1601
1602	b. Set / to group unwritable (as superuser):
1603	   chmod g-w /
1604
1605Darwin/Mac OS X (10.1.5)
1606	Apple's upgrade to sendmail 8.12 is incorrectly configured.  You
1607	will need to manually fix it up by doing the following:
1608
1609	1. chown smmsp:smmsp /var/spool/clientmqueue
1610	2. chmod 2770 /var/spool/clientmqueue
1611	3. chgrp smmsp /usr/sbin/sendmail
1612	4. chmod g+s /usr/sbin/sendmail
1613
1614	From Daniel J. Luke <dluke@geeklair.net>:
1615
1616	It appears that setting the sendmail.cf property in
1617	/locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail
1618	8.12.4 causes 'bad things' to happen.
1619
1620	Specifically sendmail instances that should be getting their config
1621	from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which
1622	open pipes to sendmail stop working as sendmail tries to write to
1623	/var/spool/mqueue and cannot as sendmail is no longer suid root).
1624
1625	Removing the entry from NetInfo fixes this problem.
1626
1627GNU getopt
1628	I'm told that GNU getopt has a problem in that it gets confused
1629	by the double call.  Use the version in conf.c instead.
1630
1631BIND 4.9.2 and Ultrix
1632	If you are running on Ultrix, be sure you read conf/Info.Ultrix
1633	in the BIND distribution very carefully -- there is information
1634	in there that you need to know in order to avoid errors of the
1635	form:
1636
1637		/lib/libc.a(gethostent.o): sethostent: multiply defined
1638		/lib/libc.a(gethostent.o): endhostent: multiply defined
1639		/lib/libc.a(gethostent.o): gethostbyname: multiply defined
1640		/lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
1641
1642	during the link stage.
1643
1644BIND 8.X
1645	BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
1646	DNS failures when trying to find the hostname associated with an IP
1647	address (gethostbyaddr()).  This can cause problems as
1648	$&{client_name} based lookups in class R ($=R) and the access
1649	database won't succeed.
1650
1651	This will be fixed in BIND 8.2.1.  For earlier versions, this can
1652	be fixed by making "dns" the last name service queried for host
1653	resolution in /etc/irs.conf:
1654
1655		hosts local continue
1656		hosts dns
1657
1658strtoul
1659	Some compilers (notably gcc) claim to be ANSI C but do not
1660	include the ANSI-required routine "strtoul".  If your compiler
1661	has this problem, you will get an error in srvrsmtp.c on the
1662	code:
1663
1664	  # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
1665			e->e_msgsize = strtoul(vp, (char **) NULL, 10);
1666	  # else
1667			e->e_msgsize = strtol(vp, (char **) NULL, 10);
1668	  # endif
1669
1670	You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
1671
1672Listproc 6.0c
1673	Date: 23 Sep 1995 23:56:07 GMT
1674	Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk>
1675	From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
1676	Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint]
1677
1678	Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
1679	breaks, because it, by default, sends a blank "HELO" rather than
1680	a "HELO hostname" when using the 'system' or 'telnet' mail method.
1681
1682	The fix is to include -DZMAILER in the compilation, which will
1683	cause it to use "HELO hostname" (which Z-mail apparently requires
1684	as well. :)
1685
1686PH
1687	PH support is provided by Mark Roth <roth@uiuc.edu>.
1688
1689	NOTE: The "spacedname" pseudo-field which was used by earlier
1690	versions of the PH map code is no longer supported!  See the URL
1691	listed above for more information.
1692
1693	Please contact Mark Roth for support and questions regarding the
1694	map.
1695
1696TCP Wrappers
1697	If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
1698	also need to install libwrap.a and modify your site.config.m4 file
1699	or the generated Makefile to include -lwrap in the LIBS line
1700	(make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
1701	libwrap.a can be found).
1702
1703	TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
1704
1705	If you have alternate MX sites for your site, be sure that all of
1706	your MX sites reject the same set of hosts.  If not, a bad guy whom
1707	you reject will connect to your site, fail, and move on to the next
1708	MX site, which will accept the mail for you and forward it on to you.
1709
1710Regular Expressions (MAP_REGEX)
1711	If sendmail linking fails with:
1712
1713		undefined reference to 'regcomp'
1714
1715	or sendmail gives an error about a regular expression with:
1716
1717		pattern-compile-error: : Operation not applicable
1718
1719	Your libc does not include a running version of POSIX-regex.  Use
1720	librx or regex.o from the GNU Free Software Foundation,
1721	ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
1722	ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
1723	You can also use the regex-lib by Henry Spencer,
1724	ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
1725	Make sure, your compiler reads regex.h from the distribution,
1726	not from /usr/include, otherwise sendmail will dump a core.
1727
1728Fedora Core 5, 64 bit version
1729	If the ld stage fails with undefined functions like
1730	__res_querydomain, __dn_expand
1731	then add these lines to devtools/Site/site.config.m4
1732
1733	APPENDDEF(`confLIBDIRS', `-L/usr/lib64')
1734	APPENDDEF(`confINCDIRS', `-I/usr/include/bind9')
1735
1736	and rebuild (sh ./Build -c).
1737
1738	Problem noted by Daniel Krones, solution suggested by
1739	Anthony Howe.
1740
1741
1742+--------------+
1743| MANUAL PAGES |
1744+--------------+
1745
1746The manual pages have been written against the -man macros, and
1747should format correctly with any reasonable *roff.
1748
1749
1750+-----------------+
1751| DEBUGGING HOOKS |
1752+-----------------+
1753
1754As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
1755some debugging output (logged at LOG_DEBUG severity).  The
1756information dumped is:
1757
1758 * The value of the $j macro.
1759 * A warning if $j is not in the set $=w.
1760 * A list of the open file descriptors.
1761 * The contents of the connection cache.
1762 * If ruleset 89 is defined, it is evaluated and the results printed.
1763
1764This allows you to get information regarding the runtime state of the
1765daemon on the fly.  This should not be done too frequently, since
1766the process of rewriting may lose memory which will not be recovered.
1767Also, ruleset 89 may call non-reentrant routines, so there is a small
1768non-zero probability that this will cause other problems.  It is
1769really only for debugging serious problems.
1770
1771A typical formulation of ruleset 89 would be:
1772
1773	R$*		$@ $>0 some test address
1774
1775
1776+-----------------------------+
1777| DESCRIPTION OF SOURCE FILES |
1778+-----------------------------+
1779
1780The following list describes the files in this directory:
1781
1782Build		Shell script for building sendmail.
1783Makefile	A convenience for calling ./Build.
1784Makefile.m4	A template for constructing a makefile based on the
1785		information in the devtools directory.
1786README		This file.
1787TRACEFLAGS	My own personal list of the trace flags -- not guaranteed
1788		to be particularly up to date.
1789alias.c		Does name aliasing in all forms.
1790aliases.5	Man page describing the format of the aliases file.
1791arpadate.c	A subroutine which creates ARPANET standard dates.
1792bf.c		Routines to implement memory-buffered file system using
1793		hooks provided by libsm now (formerly Torek stdio library).
1794bf.h		Buffered file I/O function declarations and
1795		data structure and function declarations for bf.c.
1796collect.c	The routine that actually reads the mail into a temp
1797		file.  It also does a certain amount of parsing of
1798		the header, etc.
1799conf.c		The configuration file.  This contains information
1800		that is presumed to be quite static and non-
1801		controversial, or code compiled in for efficiency
1802		reasons.  Most of the configuration is in sendmail.cf.
1803conf.h		Configuration that must be known everywhere.
1804control.c	Routines to implement control socket.
1805convtime.c	A routine to sanely process times.
1806daemon.c	Routines to implement daemon mode.
1807deliver.c	Routines to deliver mail.
1808domain.c	Routines that interface with DNS (the Domain Name
1809		System).
1810envelope.c	Routines to manipulate the envelope structure.
1811err.c		Routines to print error messages.
1812headers.c	Routines to process message headers.
1813helpfile	An example helpfile for the SMTP HELP command and -bt mode.
1814macro.c		The macro expander.  This is used internally to
1815		insert information from the configuration file.
1816mailq.1		Man page for the mailq command.
1817main.c		The main routine to sendmail.  This file also
1818		contains some miscellaneous routines.
1819makesendmail	A convenience for calling ./Build.
1820map.c		Support for database maps.
1821mci.c		Routines that handle mail connection information caching.
1822milter.c	MTA portions of the mail filter API.
1823mime.c		MIME conversion routines.
1824newaliases.1	Man page for the newaliases command.
1825parseaddr.c	The routines which do address parsing.
1826queue.c		Routines to implement message queueing.
1827readcf.c	The routine that reads the configuration file and
1828		translates it to internal form.
1829recipient.c	Routines that manipulate the recipient list.
1830sasl.c		Routines to interact with Cyrys-SASL.
1831savemail.c	Routines which save the letter on processing errors.
1832sendmail.8	Man page for the sendmail command.
1833sendmail.h	Main header file for sendmail.
1834sfsasl.c	I/O interface between SASL/TLS and the MTA.
1835sfsasl.h	Header file for sfsasl.c.
1836shmticklib.c	Routines for shared memory counters.
1837sm_resolve.c	Routines for DNS lookups (for DNS map type).
1838sm_resolve.h	Header file for sm_resolve.c.
1839srvrsmtp.c	Routines to implement server SMTP.
1840stab.c		Routines to manage the symbol table.
1841stats.c		Routines to collect and post the statistics.
1842statusd_shm.h	Data structure and function declarations for shmticklib.c.
1843sysexits.c	List of error messages associated with error codes
1844		in sysexits.h.
1845sysexits.h	List of error codes for systems that lack their own.
1846timers.c	Routines to provide microtimers.
1847timers.h	Data structure and function declarations for timers.h.
1848tls.c		Routines for TLS.
1849trace.c		The trace package.  These routines allow setting and
1850		testing of trace flags with a high granularity.
1851udb.c		The user database interface module.
1852usersmtp.c	Routines to implement user SMTP.
1853util.c		Some general purpose routines used by sendmail.
1854version.c	The version number and information about this
1855		version of sendmail.
1856
1857
1858+---------------------------+
1859| SOME NOTES ABOUT THE CODE |
1860+---------------------------+
1861
1862Some things are not easy to understand by just reading the source
1863code, so this section has some notes which might be interesting for
1864those who want to enhance sendmail.  These notes are not exhaustive
1865but just cover some things which might be interesting.
1866
1867Address format: sendmail uses a range of 8 bit characters for its
1868internal purposes as noted in sendmail.h:
1869
1870**  Special characters in rewriting rules.
1871**	These are used internally only.
1872
1873To handle all 8 bit characters, sendmail uses two address formats:
1874internal and external -- for details see the comments in cataddr()
1875as well as the functions quote_internal_chars() and
1876dequote_internal_chars() in libsm/util.c.
1877
1878These formats are marked in many places with [i] and [x] respectively.
1879Some functions only work on one kind of those formats, so it is
1880important to mark the strings accordingly. In some cases the marker
1881[A] is used to denote that the string format does not matter (which
1882is the default) -- this is only used in cases where there might be
1883some confusion about any format requirements.
1884